Hacker Tracker | June in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1- FBI: These hackers are targeting healthcare records and IT systems with ‘Maui’ ransomware

• The FBI has attributed recent Maui ransomware attacks on US healthcare organizations to a North Korean state-sponsored hacking group. Three US agencies have warned over a lesser unknown ransomware called Maui that has targeted IT services at healthcare and public health organizations since May 2021. 
• The agencies believe Maui attacks on health will continue because the attackers assume these organizations will pay.  
• Maui ransomware differs from other well-known ransomware because it lacks an embedded ransom note with recovery instructions it’s manually operated by attackers via the command line.
• View the Source

#2- Brazen crooks are now posing as cybersecurity companies to trick you into installing malware | 7.11.22

• Cybersecurity company CrowdStrike reports phishing attacks that claim to come from security companies – including Crowdstrike itself.
• Brazen cyber criminals are now posing as cybersecurity companies in phishing messages that claim the recipient has been hit by a cyberattack and that they should urgently respond in order to protect their network. 
• If the recipient does responds, they risk opening the door to hackers and could see their systems compromised with malware, ransomware, and other dangerous cyber threats. 
• The message sent to victims claims to be from “your company’s outsourced data security services vendor” and suggests that “abnormal activity” and a “potential compromise” has been discovered on the network as part of a “daily network audit”. 
• View the Source

#3- Microsoft warning: This phishing attack can skip your defenses and has hit 10,000 firms already | 7.13.22

• Phishing campaigns are using web proxies to perfectly imitate corporate login pages that can help attackers dodge multi-factor authentication.
• Microsoft has warned that a large-scale phishing campaign using “adversary-in-the-middle” or AiTM websites has hit more than 10,000 organizations since September 2021. 
• Once a victim enters their credentials and authenticates, they are redirected to the legitimate page. But during this process, the attacker intercepts the credentials and is also authenticated on the user’s behalf.
• View the Source

Lessons Learned

#1- Healthcare has always been a steady target of ransomware gangs, but things appear to be heating up. Experts urge healthcare organizations to take proactive steps to protect themselves including: deploying public key cryptography and digital certifications to authenticate connections with the network, Internet of Things medical devices, and electronic health record systems. If you are a clinic or larger organization in the healthcare sector, make sure you are working with a qualified IT security team to create a proactive plan to protect yourself given today’s cybersecurity climate.

#2- From the CrowdStrike attack, we learn the old but nonetheless important lesson of verifying senders. Whether it’s an email, a text message, or a cybersecurity alert, always call to verify the sender. Hackers continue to use this tactic for one simple reason: it continues to work. If you work with a managed service provider for cybersecurity, make sure you know the IT maintenance schedule and ask for phone verification when they’re running updates, etc. 

#3- The Microsoft attacks are a bit alarming. Despite the fact that the Biden administration made MFA mandatory for federal agencies (which further encouraged its use for non-federal organizations and individuals), hackers have now found a way to reach their victims even in the presence of MFA. MFA doesn’t not work, but since the browser session cookie has been stolen by hackers, it doesn’t matter how the user logged into the site; the attacker can still get authenticated thanks to the second cookie. Where this we’ll lead and what this will mean for the security reputation of MFA, only time will tell.